Security researchers say code designed to exploit a recently announced critical vulnerability in Microsoft operating systems now is widespread on the Internet. The code crashes targeted computers by exploiting a flaw in Microsoft"s Abstract Syntax Notation 1 Library in Windows NT, 2000 and XP. The exploit code was discovered Saturday, four days after the vulnerability and a patch to correct it was announced by Microsoft. "The exploit we discovered is fully functional and does cause targeted computers to crash," said Ken Dunham, director of malicious code for iDefense Inc. of Reston, Va. "The widespread distribution of this code has significantly increased the threat level for ASN.1. It is far more likely that we will soon see hacking, Trojans and worms emerge against this vulnerability."
The code is available on several discussion groups and Web sites. No attacks using the exploit were being reported as of this morning. The code causes the Microsoft Local Security Authority Subsystem process, LSASS.exe, to crash. It can be sent via Server Message Blocks or NetBIOS file sharing protocols to computers listening on ports 445 or 139. Blocking untrusted access to these ports and installing the Microsoft patch will protect against this exploit. "Most large companies have already started to roll out patches," Dunham said. "It will take at least five to seven days for most to completely patch computers, and that is not including a comprehensive audit."